1 /* $OpenBSD: udp_usrreq.c,v 1.216 2016/07/22 11:14:41 mpi Exp $ */ 2 /* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */ 3 4 /* 5 * Copyright (c) 1982, 1986, 1988, 1990, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the University nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 * 32 * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 33 * 34 * NRL grants permission for redistribution and use in source and binary 35 * forms, with or without modification, of the software and documentation 36 * created at NRL provided that the following conditions are met: 37 * 38 * 1. Redistributions of source code must retain the above copyright 39 * notice, this list of conditions and the following disclaimer. 40 * 2. Redistributions in binary form must reproduce the above copyright 41 * notice, this list of conditions and the following disclaimer in the 42 * documentation and/or other materials provided with the distribution. 43 * 3. All advertising materials mentioning features or use of this software 44 * must display the following acknowledgements: 45 * This product includes software developed by the University of 46 * California, Berkeley and its contributors. 47 * This product includes software developed at the Information 48 * Technology Division, US Naval Research Laboratory. 49 * 4. Neither the name of the NRL nor the names of its contributors 50 * may be used to endorse or promote products derived from this software 51 * without specific prior written permission. 52 * 53 * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS 54 * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 55 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 56 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR 57 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 58 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 59 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 60 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 61 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 62 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 63 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 64 * 65 * The views and conclusions contained in the software and documentation 66 * are those of the authors and should not be interpreted as representing 67 * official policies, either expressed or implied, of the US Naval 68 * Research Laboratory (NRL). 69 */ 70 71 #include <sys/param.h> 72 #include <sys/systm.h> 73 #include <sys/mbuf.h> 74 #include <sys/protosw.h> 75 #include <sys/socket.h> 76 #include <sys/socketvar.h> 77 #include <sys/sysctl.h> 78 #include <sys/domain.h> 79 80 #include <net/if.h> 81 #include <net/if_var.h> 82 #include <net/if_media.h> 83 #include <net/route.h> 84 85 #include <netinet/in.h> 86 #include <netinet/in_var.h> 87 #include <netinet/ip.h> 88 #include <netinet/in_pcb.h> 89 #include <netinet/ip_var.h> 90 #include <netinet/ip_icmp.h> 91 #include <netinet/udp.h> 92 #include <netinet/udp_var.h> 93 94 #ifdef IPSEC 95 #include <netinet/ip_ipsp.h> 96 #include <netinet/ip_esp.h> 97 #endif 98 99 #ifdef INET6 100 #include <netinet6/in6_var.h> 101 #include <netinet6/ip6_var.h> 102 #include <netinet6/ip6protosw.h> 103 #endif /* INET6 */ 104 105 #include "pf.h" 106 #if NPF > 0 107 #include <net/pfvar.h> 108 #endif 109 110 #ifdef PIPEX 111 #include <netinet/if_ether.h> 112 #include <net/pipex.h> 113 #endif 114 115 #include "vxlan.h" 116 #if NVXLAN > 0 117 #include <net/if_vxlan.h> 118 #endif 119 120 /* 121 * UDP protocol implementation. 122 * Per RFC 768, August, 1980. 123 */ 124 int udpcksum = 1; 125 126 u_int udp_sendspace = 9216; /* really max datagram size */ 127 u_int udp_recvspace = 40 * (1024 + sizeof(struct sockaddr_in)); 128 /* 40 1K datagrams */ 129 130 int *udpctl_vars[UDPCTL_MAXID] = UDPCTL_VARS; 131 132 struct inpcbtable udbtable; 133 struct udpstat udpstat; 134 135 int udp_output(struct inpcb *, struct mbuf *, struct mbuf *, struct mbuf *); 136 void udp_notify(struct inpcb *, int); 137 138 #ifndef UDB_INITIAL_HASH_SIZE 139 #define UDB_INITIAL_HASH_SIZE 128 140 #endif 141 142 void 143 udp_init(void) 144 { 145 in_pcbinit(&udbtable, UDB_INITIAL_HASH_SIZE); 146 } 147 148 #ifdef INET6 149 int 150 udp6_input(struct mbuf **mp, int *offp, int proto) 151 { 152 struct mbuf *m = *mp; 153 154 udp_input(m, *offp, proto); 155 return IPPROTO_DONE; 156 } 157 #endif 158 159 void 160 udp_input(struct mbuf *m, ...) 161 { 162 struct ip *ip; 163 struct udphdr *uh; 164 struct inpcb *inp = NULL; 165 struct mbuf *opts = NULL; 166 struct ip save_ip; 167 int iphlen, len; 168 va_list ap; 169 u_int16_t savesum; 170 union { 171 struct sockaddr sa; 172 struct sockaddr_in sin; 173 #ifdef INET6 174 struct sockaddr_in6 sin6; 175 #endif /* INET6 */ 176 } srcsa; 177 #ifdef INET6 178 struct ip6_hdr *ip6; 179 #endif /* INET6 */ 180 #ifdef IPSEC 181 struct m_tag *mtag; 182 struct tdb_ident *tdbi; 183 struct tdb *tdb; 184 int error; 185 u_int32_t ipsecflowinfo = 0; 186 #endif /* IPSEC */ 187 188 va_start(ap, m); 189 iphlen = va_arg(ap, int); 190 va_end(ap); 191 192 udpstat.udps_ipackets++; 193 194 switch (mtod(m, struct ip *)->ip_v) { 195 case 4: 196 ip = mtod(m, struct ip *); 197 #ifdef INET6 198 ip6 = NULL; 199 #endif /* INET6 */ 200 srcsa.sa.sa_family = AF_INET; 201 break; 202 #ifdef INET6 203 case 6: 204 ip = NULL; 205 ip6 = mtod(m, struct ip6_hdr *); 206 srcsa.sa.sa_family = AF_INET6; 207 break; 208 #endif /* INET6 */ 209 default: 210 goto bad; 211 } 212 213 IP6_EXTHDR_GET(uh, struct udphdr *, m, iphlen, sizeof(struct udphdr)); 214 if (!uh) { 215 udpstat.udps_hdrops++; 216 return; 217 } 218 219 /* Check for illegal destination port 0 */ 220 if (uh->uh_dport == 0) { 221 udpstat.udps_noport++; 222 goto bad; 223 } 224 225 /* 226 * Make mbuf data length reflect UDP length. 227 * If not enough data to reflect UDP length, drop. 228 */ 229 len = ntohs((u_int16_t)uh->uh_ulen); 230 if (ip) { 231 if (m->m_pkthdr.len - iphlen != len) { 232 if (len > (m->m_pkthdr.len - iphlen) || 233 len < sizeof(struct udphdr)) { 234 udpstat.udps_badlen++; 235 goto bad; 236 } 237 m_adj(m, len - (m->m_pkthdr.len - iphlen)); 238 } 239 } 240 #ifdef INET6 241 else if (ip6) { 242 /* jumbograms */ 243 if (len == 0 && m->m_pkthdr.len - iphlen > 0xffff) 244 len = m->m_pkthdr.len - iphlen; 245 if (len != m->m_pkthdr.len - iphlen) { 246 udpstat.udps_badlen++; 247 goto bad; 248 } 249 } 250 #endif 251 else /* shouldn't happen */ 252 goto bad; 253 254 /* 255 * Save a copy of the IP header in case we want restore it 256 * for sending an ICMP error message in response. 257 */ 258 if (ip) 259 save_ip = *ip; 260 261 #ifdef INET6 262 if (ip6) { 263 /* Be proactive about malicious use of IPv4 mapped address */ 264 if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || 265 IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { 266 /* XXX stat */ 267 goto bad; 268 } 269 } 270 #endif /* INET6 */ 271 272 /* 273 * Checksum extended UDP header and data. 274 * from W.R.Stevens: check incoming udp cksums even if 275 * udpcksum is not set. 276 */ 277 savesum = uh->uh_sum; 278 if (uh->uh_sum == 0) { 279 udpstat.udps_nosum++; 280 #ifdef INET6 281 /* 282 * In IPv6, the UDP checksum is ALWAYS used. 283 */ 284 if (ip6) 285 goto bad; 286 #endif /* INET6 */ 287 } else { 288 if ((m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_OK) == 0) { 289 if (m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_BAD) { 290 udpstat.udps_badsum++; 291 goto bad; 292 } 293 udpstat.udps_inswcsum++; 294 295 if (ip) 296 uh->uh_sum = in4_cksum(m, IPPROTO_UDP, 297 iphlen, len); 298 #ifdef INET6 299 else if (ip6) 300 uh->uh_sum = in6_cksum(m, IPPROTO_UDP, 301 iphlen, len); 302 #endif /* INET6 */ 303 if (uh->uh_sum != 0) { 304 udpstat.udps_badsum++; 305 goto bad; 306 } 307 } 308 } 309 310 #ifdef IPSEC 311 if (udpencap_enable && udpencap_port && 312 #if NPF > 0 313 !(m->m_pkthdr.pf.flags & PF_TAG_DIVERTED) && 314 #endif 315 uh->uh_dport == htons(udpencap_port)) { 316 u_int32_t spi; 317 int skip = iphlen + sizeof(struct udphdr); 318 319 if (m->m_pkthdr.len - skip < sizeof(u_int32_t)) { 320 /* packet too short */ 321 m_freem(m); 322 return; 323 } 324 m_copydata(m, skip, sizeof(u_int32_t), (caddr_t) &spi); 325 /* 326 * decapsulate if the SPI is not zero, otherwise pass 327 * to userland 328 */ 329 if (spi != 0) { 330 if ((m = m_pullup(m, skip)) == NULL) { 331 udpstat.udps_hdrops++; 332 return; 333 } 334 335 /* remove the UDP header */ 336 bcopy(mtod(m, u_char *), 337 mtod(m, u_char *) + sizeof(struct udphdr), iphlen); 338 m_adj(m, sizeof(struct udphdr)); 339 skip -= sizeof(struct udphdr); 340 341 espstat.esps_udpencin++; 342 ipsec_common_input(m, skip, offsetof(struct ip, ip_p), 343 srcsa.sa.sa_family, IPPROTO_ESP, 1); 344 return; 345 } 346 } 347 #endif 348 349 switch (srcsa.sa.sa_family) { 350 case AF_INET: 351 bzero(&srcsa, sizeof(struct sockaddr_in)); 352 srcsa.sin.sin_len = sizeof(struct sockaddr_in); 353 srcsa.sin.sin_family = AF_INET; 354 srcsa.sin.sin_port = uh->uh_sport; 355 srcsa.sin.sin_addr = ip->ip_src; 356 break; 357 #ifdef INET6 358 case AF_INET6: 359 bzero(&srcsa, sizeof(struct sockaddr_in6)); 360 srcsa.sin6.sin6_len = sizeof(struct sockaddr_in6); 361 srcsa.sin6.sin6_family = AF_INET6; 362 srcsa.sin6.sin6_port = uh->uh_sport; 363 #if 0 /*XXX inbound flowinfo */ 364 srcsa.sin6.sin6_flowinfo = htonl(0x0fffffff) & ip6->ip6_flow; 365 #endif 366 /* KAME hack: recover scopeid */ 367 in6_recoverscope(&srcsa.sin6, &ip6->ip6_src); 368 break; 369 #endif /* INET6 */ 370 } 371 372 #if NVXLAN > 0 373 if (vxlan_enable > 0 && 374 #if NPF > 0 375 !(m->m_pkthdr.pf.flags & PF_TAG_DIVERTED) && 376 #endif 377 (error = vxlan_lookup(m, uh, iphlen, &srcsa.sa)) != 0) { 378 if (error == -1) { 379 udpstat.udps_hdrops++; 380 m_freem(m); 381 } 382 return; 383 } 384 #endif 385 386 if (m->m_flags & (M_BCAST|M_MCAST)) { 387 struct inpcb *last; 388 /* 389 * Deliver a multicast or broadcast datagram to *all* sockets 390 * for which the local and remote addresses and ports match 391 * those of the incoming datagram. This allows more than 392 * one process to receive multi/broadcasts on the same port. 393 * (This really ought to be done for unicast datagrams as 394 * well, but that would cause problems with existing 395 * applications that open both address-specific sockets and 396 * a wildcard socket listening to the same port -- they would 397 * end up receiving duplicates of every unicast datagram. 398 * Those applications open the multiple sockets to overcome an 399 * inadequacy of the UDP socket interface, but for backwards 400 * compatibility we avoid the problem here rather than 401 * fixing the interface. Maybe 4.5BSD will remedy this?) 402 */ 403 404 iphlen += sizeof(struct udphdr); 405 406 /* 407 * Locate pcb(s) for datagram. 408 * (Algorithm copied from raw_intr().) 409 */ 410 last = NULL; 411 TAILQ_FOREACH(inp, &udbtable.inpt_queue, inp_queue) { 412 if (inp->inp_socket->so_state & SS_CANTRCVMORE) 413 continue; 414 #ifdef INET6 415 /* don't accept it if AF does not match */ 416 if (ip6 && !(inp->inp_flags & INP_IPV6)) 417 continue; 418 if (!ip6 && (inp->inp_flags & INP_IPV6)) 419 continue; 420 #endif 421 if (rtable_l2(inp->inp_rtableid) != 422 rtable_l2(m->m_pkthdr.ph_rtableid)) 423 continue; 424 if (inp->inp_lport != uh->uh_dport) 425 continue; 426 #ifdef INET6 427 if (ip6) { 428 if (inp->inp_ip6_minhlim && 429 inp->inp_ip6_minhlim > ip6->ip6_hlim) 430 continue; 431 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6)) 432 if (!IN6_ARE_ADDR_EQUAL(&inp->inp_laddr6, 433 &ip6->ip6_dst)) 434 continue; 435 } else 436 #endif /* INET6 */ 437 { 438 if (inp->inp_ip_minttl && 439 inp->inp_ip_minttl > ip->ip_ttl) 440 continue; 441 442 if (inp->inp_laddr.s_addr != INADDR_ANY) { 443 if (inp->inp_laddr.s_addr != 444 ip->ip_dst.s_addr) 445 continue; 446 } 447 } 448 #ifdef INET6 449 if (ip6) { 450 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) 451 if (!IN6_ARE_ADDR_EQUAL(&inp->inp_faddr6, 452 &ip6->ip6_src) || 453 inp->inp_fport != uh->uh_sport) 454 continue; 455 } else 456 #endif /* INET6 */ 457 if (inp->inp_faddr.s_addr != INADDR_ANY) { 458 if (inp->inp_faddr.s_addr != 459 ip->ip_src.s_addr || 460 inp->inp_fport != uh->uh_sport) 461 continue; 462 } 463 464 if (last != NULL) { 465 struct mbuf *n; 466 467 n = m_copym(m, 0, M_COPYALL, M_NOWAIT); 468 if (n != NULL) { 469 #ifdef INET6 470 if (ip6 && (last->inp_flags & 471 IN6P_CONTROLOPTS || 472 last->inp_socket->so_options & 473 SO_TIMESTAMP)) 474 ip6_savecontrol(last, n, &opts); 475 #endif /* INET6 */ 476 if (ip && (last->inp_flags & 477 INP_CONTROLOPTS || 478 last->inp_socket->so_options & 479 SO_TIMESTAMP)) 480 ip_savecontrol(last, &opts, 481 ip, n); 482 483 m_adj(n, iphlen); 484 if (sbappendaddr( 485 &last->inp_socket->so_rcv, 486 &srcsa.sa, n, opts) == 0) { 487 m_freem(n); 488 m_freem(opts); 489 udpstat.udps_fullsock++; 490 } else 491 sorwakeup(last->inp_socket); 492 opts = NULL; 493 } 494 } 495 last = inp; 496 /* 497 * Don't look for additional matches if this one does 498 * not have either the SO_REUSEPORT or SO_REUSEADDR 499 * socket options set. This heuristic avoids searching 500 * through all pcbs in the common case of a non-shared 501 * port. It assumes that an application will never 502 * clear these options after setting them. 503 */ 504 if ((last->inp_socket->so_options & (SO_REUSEPORT | 505 SO_REUSEADDR)) == 0) 506 break; 507 } 508 509 if (last == NULL) { 510 /* 511 * No matching pcb found; discard datagram. 512 * (No need to send an ICMP Port Unreachable 513 * for a broadcast or multicast datgram.) 514 */ 515 udpstat.udps_noportbcast++; 516 goto bad; 517 } 518 519 #ifdef INET6 520 if (ip6 && (last->inp_flags & IN6P_CONTROLOPTS || 521 last->inp_socket->so_options & SO_TIMESTAMP)) 522 ip6_savecontrol(last, m, &opts); 523 #endif /* INET6 */ 524 if (ip && (last->inp_flags & INP_CONTROLOPTS || 525 last->inp_socket->so_options & SO_TIMESTAMP)) 526 ip_savecontrol(last, &opts, ip, m); 527 528 m_adj(m, iphlen); 529 if (sbappendaddr(&last->inp_socket->so_rcv, 530 &srcsa.sa, m, opts) == 0) { 531 udpstat.udps_fullsock++; 532 goto bad; 533 } 534 sorwakeup(last->inp_socket); 535 return; 536 } 537 /* 538 * Locate pcb for datagram. 539 */ 540 #if NPF > 0 && 0 /* currently disabled */ 541 inp = pf_inp_lookup(m); 542 #endif 543 if (inp == NULL) { 544 #ifdef INET6 545 if (ip6) 546 inp = in6_pcbhashlookup(&udbtable, &ip6->ip6_src, 547 uh->uh_sport, &ip6->ip6_dst, uh->uh_dport, 548 m->m_pkthdr.ph_rtableid); 549 else 550 #endif /* INET6 */ 551 inp = in_pcbhashlookup(&udbtable, ip->ip_src, uh->uh_sport, 552 ip->ip_dst, uh->uh_dport, m->m_pkthdr.ph_rtableid); 553 } 554 if (inp == 0) { 555 int inpl_reverse = 0; 556 if (m->m_pkthdr.pf.flags & PF_TAG_TRANSLATE_LOCALHOST) 557 inpl_reverse = 1; 558 ++udpstat.udps_pcbhashmiss; 559 #ifdef INET6 560 if (ip6) { 561 inp = in6_pcblookup_listen(&udbtable, 562 &ip6->ip6_dst, uh->uh_dport, inpl_reverse, m, 563 m->m_pkthdr.ph_rtableid); 564 } else 565 #endif /* INET6 */ 566 inp = in_pcblookup_listen(&udbtable, 567 ip->ip_dst, uh->uh_dport, inpl_reverse, m, 568 m->m_pkthdr.ph_rtableid); 569 if (inp == 0) { 570 udpstat.udps_noport++; 571 if (m->m_flags & (M_BCAST | M_MCAST)) { 572 udpstat.udps_noportbcast++; 573 goto bad; 574 } 575 #ifdef INET6 576 if (ip6) { 577 uh->uh_sum = savesum; 578 icmp6_error(m, ICMP6_DST_UNREACH, 579 ICMP6_DST_UNREACH_NOPORT,0); 580 } else 581 #endif /* INET6 */ 582 { 583 *ip = save_ip; 584 uh->uh_sum = savesum; 585 icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_PORT, 586 0, 0); 587 } 588 return; 589 } 590 } 591 KASSERT(sotoinpcb(inp->inp_socket) == inp); 592 593 #ifdef INET6 594 if (ip6 && inp->inp_ip6_minhlim && 595 inp->inp_ip6_minhlim > ip6->ip6_hlim) { 596 goto bad; 597 } else 598 #endif 599 if (ip && inp->inp_ip_minttl && 600 inp->inp_ip_minttl > ip->ip_ttl) { 601 goto bad; 602 } 603 604 #if NPF > 0 605 if (inp->inp_socket->so_state & SS_ISCONNECTED) 606 pf_inp_link(m, inp); 607 #endif 608 609 #ifdef IPSEC 610 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); 611 if (mtag != NULL) { 612 tdbi = (struct tdb_ident *)(mtag + 1); 613 tdb = gettdb(tdbi->rdomain, tdbi->spi, 614 &tdbi->dst, tdbi->proto); 615 } else 616 tdb = NULL; 617 ipsp_spd_lookup(m, srcsa.sa.sa_family, iphlen, &error, 618 IPSP_DIRECTION_IN, tdb, inp, 0); 619 if (error) { 620 udpstat.udps_nosec++; 621 goto bad; 622 } 623 /* create ipsec options while we know that tdb cannot be modified */ 624 if (tdb && tdb->tdb_ids) 625 ipsecflowinfo = tdb->tdb_ids->id_flow; 626 #endif /*IPSEC */ 627 628 opts = NULL; 629 #ifdef INET6 630 if (ip6 && (inp->inp_flags & IN6P_CONTROLOPTS || 631 inp->inp_socket->so_options & SO_TIMESTAMP)) 632 ip6_savecontrol(inp, m, &opts); 633 #endif /* INET6 */ 634 if (ip && (inp->inp_flags & INP_CONTROLOPTS || 635 inp->inp_socket->so_options & SO_TIMESTAMP)) 636 ip_savecontrol(inp, &opts, ip, m); 637 #ifdef INET6 638 if (ip6 && (inp->inp_flags & IN6P_RECVDSTPORT)) { 639 struct mbuf **mp = &opts; 640 641 while (*mp) 642 mp = &(*mp)->m_next; 643 *mp = sbcreatecontrol((caddr_t)&uh->uh_dport, sizeof(u_int16_t), 644 IPV6_RECVDSTPORT, IPPROTO_IPV6); 645 } 646 #endif /* INET6 */ 647 if (ip && (inp->inp_flags & INP_RECVDSTPORT)) { 648 struct mbuf **mp = &opts; 649 650 while (*mp) 651 mp = &(*mp)->m_next; 652 *mp = sbcreatecontrol((caddr_t)&uh->uh_dport, sizeof(u_int16_t), 653 IP_RECVDSTPORT, IPPROTO_IP); 654 } 655 #ifdef IPSEC 656 if (ipsecflowinfo && (inp->inp_flags & INP_IPSECFLOWINFO)) { 657 struct mbuf **mp = &opts; 658 659 while (*mp) 660 mp = &(*mp)->m_next; 661 *mp = sbcreatecontrol((caddr_t)&ipsecflowinfo, 662 sizeof(u_int32_t), IP_IPSECFLOWINFO, IPPROTO_IP); 663 } 664 #endif 665 #ifdef PIPEX 666 if (pipex_enable && inp->inp_pipex) { 667 struct pipex_session *session; 668 int off = iphlen + sizeof(struct udphdr); 669 if ((session = pipex_l2tp_lookup_session(m, off)) != NULL) { 670 if ((m = pipex_l2tp_input(m, off, session, 671 ipsecflowinfo)) == NULL) { 672 m_freem(opts); 673 return; /* the packet is handled by PIPEX */ 674 } 675 } 676 } 677 #endif 678 679 iphlen += sizeof(struct udphdr); 680 m_adj(m, iphlen); 681 if (sbappendaddr(&inp->inp_socket->so_rcv, &srcsa.sa, m, opts) == 0) { 682 udpstat.udps_fullsock++; 683 goto bad; 684 } 685 sorwakeup(inp->inp_socket); 686 return; 687 bad: 688 m_freem(m); 689 m_freem(opts); 690 } 691 692 /* 693 * Notify a udp user of an asynchronous error; 694 * just wake up so that he can collect error status. 695 */ 696 void 697 udp_notify(struct inpcb *inp, int errno) 698 { 699 inp->inp_socket->so_error = errno; 700 sorwakeup(inp->inp_socket); 701 sowwakeup(inp->inp_socket); 702 } 703 704 #ifdef INET6 705 void 706 udp6_ctlinput(int cmd, struct sockaddr *sa, u_int rdomain, void *d) 707 { 708 struct udphdr uh; 709 struct sockaddr_in6 sa6; 710 struct ip6_hdr *ip6; 711 struct mbuf *m; 712 int off; 713 void *cmdarg; 714 struct ip6ctlparam *ip6cp = NULL; 715 struct udp_portonly { 716 u_int16_t uh_sport; 717 u_int16_t uh_dport; 718 } *uhp; 719 void (*notify)(struct inpcb *, int) = udp_notify; 720 721 if (sa == NULL) 722 return; 723 if (sa->sa_family != AF_INET6 || 724 sa->sa_len != sizeof(struct sockaddr_in6)) 725 return; 726 727 if ((unsigned)cmd >= PRC_NCMDS) 728 return; 729 if (PRC_IS_REDIRECT(cmd)) 730 notify = in_rtchange, d = NULL; 731 else if (cmd == PRC_HOSTDEAD) 732 d = NULL; 733 else if (cmd == PRC_MSGSIZE) 734 ; /* special code is present, see below */ 735 else if (inet6ctlerrmap[cmd] == 0) 736 return; 737 738 /* if the parameter is from icmp6, decode it. */ 739 if (d != NULL) { 740 ip6cp = (struct ip6ctlparam *)d; 741 m = ip6cp->ip6c_m; 742 ip6 = ip6cp->ip6c_ip6; 743 off = ip6cp->ip6c_off; 744 cmdarg = ip6cp->ip6c_cmdarg; 745 } else { 746 m = NULL; 747 ip6 = NULL; 748 cmdarg = NULL; 749 /* XXX: translate addresses into internal form */ 750 sa6 = *satosin6(sa); 751 if (in6_embedscope(&sa6.sin6_addr, &sa6, NULL)) { 752 /* should be impossible */ 753 return; 754 } 755 } 756 757 if (ip6cp && ip6cp->ip6c_finaldst) { 758 bzero(&sa6, sizeof(sa6)); 759 sa6.sin6_family = AF_INET6; 760 sa6.sin6_len = sizeof(sa6); 761 sa6.sin6_addr = *ip6cp->ip6c_finaldst; 762 /* XXX: assuming M is valid in this case */ 763 sa6.sin6_scope_id = in6_addr2scopeid(m->m_pkthdr.ph_ifidx, 764 ip6cp->ip6c_finaldst); 765 if (in6_embedscope(ip6cp->ip6c_finaldst, &sa6, NULL)) { 766 /* should be impossible */ 767 return; 768 } 769 } else { 770 /* XXX: translate addresses into internal form */ 771 sa6 = *satosin6(sa); 772 if (in6_embedscope(&sa6.sin6_addr, &sa6, NULL)) { 773 /* should be impossible */ 774 return; 775 } 776 } 777 778 if (ip6) { 779 /* 780 * XXX: We assume that when IPV6 is non NULL, 781 * M and OFF are valid. 782 */ 783 struct sockaddr_in6 sa6_src; 784 785 /* check if we can safely examine src and dst ports */ 786 if (m->m_pkthdr.len < off + sizeof(*uhp)) 787 return; 788 789 bzero(&uh, sizeof(uh)); 790 m_copydata(m, off, sizeof(*uhp), (caddr_t)&uh); 791 792 bzero(&sa6_src, sizeof(sa6_src)); 793 sa6_src.sin6_family = AF_INET6; 794 sa6_src.sin6_len = sizeof(sa6_src); 795 sa6_src.sin6_addr = ip6->ip6_src; 796 sa6_src.sin6_scope_id = in6_addr2scopeid(m->m_pkthdr.ph_ifidx, 797 &ip6->ip6_src); 798 if (in6_embedscope(&sa6_src.sin6_addr, &sa6_src, NULL)) { 799 /* should be impossible */ 800 return; 801 } 802 803 if (cmd == PRC_MSGSIZE) { 804 int valid = 0; 805 806 /* 807 * Check to see if we have a valid UDP socket 808 * corresponding to the address in the ICMPv6 message 809 * payload. 810 */ 811 if (in6_pcbhashlookup(&udbtable, &sa6.sin6_addr, 812 uh.uh_dport, &sa6_src.sin6_addr, uh.uh_sport, 813 rdomain)) 814 valid = 1; 815 #if 0 816 /* 817 * As the use of sendto(2) is fairly popular, 818 * we may want to allow non-connected pcb too. 819 * But it could be too weak against attacks... 820 * We should at least check if the local address (= s) 821 * is really ours. 822 */ 823 else if (in6_pcblookup_listen(&udbtable, 824 &sa6_src.sin6_addr, uh.uh_sport, 0, 825 rdomain)) 826 valid = 1; 827 #endif 828 829 /* 830 * Depending on the value of "valid" and routing table 831 * size (mtudisc_{hi,lo}wat), we will: 832 * - recalculate the new MTU and create the 833 * corresponding routing entry, or 834 * - ignore the MTU change notification. 835 */ 836 icmp6_mtudisc_update((struct ip6ctlparam *)d, valid); 837 838 /* 839 * regardless of if we called icmp6_mtudisc_update(), 840 * we need to call in6_pcbnotify(), to notify path 841 * MTU change to the userland (2292bis-02), because 842 * some unconnected sockets may share the same 843 * destination and want to know the path MTU. 844 */ 845 } 846 847 (void) in6_pcbnotify(&udbtable, &sa6, uh.uh_dport, 848 &sa6_src, uh.uh_sport, rdomain, cmd, cmdarg, notify); 849 } else { 850 (void) in6_pcbnotify(&udbtable, &sa6, 0, 851 &sa6_any, 0, rdomain, cmd, cmdarg, notify); 852 } 853 } 854 #endif 855 856 void * 857 udp_ctlinput(int cmd, struct sockaddr *sa, u_int rdomain, void *v) 858 { 859 struct ip *ip = v; 860 struct udphdr *uhp; 861 struct in_addr faddr; 862 struct inpcb *inp; 863 void (*notify)(struct inpcb *, int) = udp_notify; 864 int errno; 865 866 if (sa == NULL) 867 return NULL; 868 if (sa->sa_family != AF_INET || 869 sa->sa_len != sizeof(struct sockaddr_in)) 870 return NULL; 871 faddr = satosin(sa)->sin_addr; 872 if (faddr.s_addr == INADDR_ANY) 873 return NULL; 874 875 if ((unsigned)cmd >= PRC_NCMDS) 876 return NULL; 877 errno = inetctlerrmap[cmd]; 878 if (PRC_IS_REDIRECT(cmd)) 879 notify = in_rtchange, ip = 0; 880 else if (cmd == PRC_HOSTDEAD) 881 ip = 0; 882 else if (errno == 0) 883 return NULL; 884 if (ip) { 885 uhp = (struct udphdr *)((caddr_t)ip + (ip->ip_hl << 2)); 886 887 #ifdef IPSEC 888 /* PMTU discovery for udpencap */ 889 if (cmd == PRC_MSGSIZE && ip_mtudisc && udpencap_enable && 890 udpencap_port && uhp->uh_sport == htons(udpencap_port)) { 891 udpencap_ctlinput(cmd, sa, rdomain, v); 892 return (NULL); 893 } 894 #endif 895 inp = in_pcbhashlookup(&udbtable, 896 ip->ip_dst, uhp->uh_dport, ip->ip_src, uhp->uh_sport, 897 rdomain); 898 if (inp && inp->inp_socket != NULL) 899 notify(inp, errno); 900 } else 901 in_pcbnotifyall(&udbtable, sa, rdomain, errno, notify); 902 return (NULL); 903 } 904 905 int 906 udp_output(struct inpcb *inp, struct mbuf *m, struct mbuf *addr, 907 struct mbuf *control) 908 { 909 struct sockaddr_in *sin = NULL; 910 struct udpiphdr *ui; 911 u_int32_t ipsecflowinfo = 0; 912 int len = m->m_pkthdr.len; 913 struct in_addr *laddr; 914 int error = 0; 915 916 #ifdef DIAGNOSTIC 917 if ((inp->inp_flags & INP_IPV6) != 0) 918 panic("IPv6 inpcb to %s", __func__); 919 #endif 920 921 /* 922 * Compute the packet length of the IP header, and 923 * punt if the length looks bogus. 924 */ 925 if ((len + sizeof(struct udpiphdr)) > IP_MAXPACKET) { 926 error = EMSGSIZE; 927 goto release; 928 } 929 930 if (control) { 931 u_int clen; 932 struct cmsghdr *cm; 933 caddr_t cmsgs; 934 935 /* 936 * XXX: Currently, we assume all the optional information is 937 * stored in a single mbuf. 938 */ 939 if (control->m_next) { 940 error = EINVAL; 941 goto release; 942 } 943 944 clen = control->m_len; 945 cmsgs = mtod(control, caddr_t); 946 do { 947 if (clen < CMSG_LEN(0)) { 948 error = EINVAL; 949 goto release; 950 } 951 cm = (struct cmsghdr *)cmsgs; 952 if (cm->cmsg_len < CMSG_LEN(0) || 953 CMSG_ALIGN(cm->cmsg_len) > clen) { 954 error = EINVAL; 955 goto release; 956 } 957 #ifdef IPSEC 958 if ((inp->inp_flags & INP_IPSECFLOWINFO) != 0 && 959 cm->cmsg_len == CMSG_LEN(sizeof(ipsecflowinfo)) && 960 cm->cmsg_level == IPPROTO_IP && 961 cm->cmsg_type == IP_IPSECFLOWINFO) { 962 ipsecflowinfo = *(u_int32_t *)CMSG_DATA(cm); 963 break; 964 } 965 #endif 966 clen -= CMSG_ALIGN(cm->cmsg_len); 967 cmsgs += CMSG_ALIGN(cm->cmsg_len); 968 } while (clen); 969 } 970 971 if (addr) { 972 sin = mtod(addr, struct sockaddr_in *); 973 974 if (addr->m_len != sizeof(*sin)) { 975 error = EINVAL; 976 goto release; 977 } 978 if (sin->sin_family != AF_INET) { 979 error = EAFNOSUPPORT; 980 goto release; 981 } 982 if (sin->sin_port == 0) { 983 error = EADDRNOTAVAIL; 984 goto release; 985 } 986 987 if (inp->inp_faddr.s_addr != INADDR_ANY) { 988 error = EISCONN; 989 goto release; 990 } 991 992 error = in_selectsrc(&laddr, sin, inp->inp_moptions, 993 &inp->inp_route, &inp->inp_laddr, inp->inp_rtableid); 994 if (error) 995 goto release; 996 997 if (inp->inp_lport == 0) { 998 int s = splsoftnet(); 999 error = in_pcbbind(inp, NULL, curproc); 1000 splx(s); 1001 if (error) 1002 goto release; 1003 } 1004 } else { 1005 if (inp->inp_faddr.s_addr == INADDR_ANY) { 1006 error = ENOTCONN; 1007 goto release; 1008 } 1009 laddr = &inp->inp_laddr; 1010 } 1011 1012 /* 1013 * Calculate data length and get a mbuf 1014 * for UDP and IP headers. 1015 */ 1016 M_PREPEND(m, sizeof(struct udpiphdr), M_DONTWAIT); 1017 if (m == NULL) { 1018 error = ENOBUFS; 1019 goto bail; 1020 } 1021 1022 /* 1023 * Fill in mbuf with extended UDP header 1024 * and addresses and length put into network format. 1025 */ 1026 ui = mtod(m, struct udpiphdr *); 1027 bzero(ui->ui_x1, sizeof ui->ui_x1); 1028 ui->ui_pr = IPPROTO_UDP; 1029 ui->ui_len = htons((u_int16_t)len + sizeof (struct udphdr)); 1030 ui->ui_src = *laddr; 1031 ui->ui_dst = sin ? sin->sin_addr : inp->inp_faddr; 1032 ui->ui_sport = inp->inp_lport; 1033 ui->ui_dport = sin ? sin->sin_port : inp->inp_fport; 1034 ui->ui_ulen = ui->ui_len; 1035 ((struct ip *)ui)->ip_len = htons(sizeof (struct udpiphdr) + len); 1036 ((struct ip *)ui)->ip_ttl = inp->inp_ip.ip_ttl; 1037 ((struct ip *)ui)->ip_tos = inp->inp_ip.ip_tos; 1038 if (udpcksum) 1039 m->m_pkthdr.csum_flags |= M_UDP_CSUM_OUT; 1040 1041 udpstat.udps_opackets++; 1042 1043 /* force routing table */ 1044 m->m_pkthdr.ph_rtableid = inp->inp_rtableid; 1045 1046 #if NPF > 0 1047 if (inp->inp_socket->so_state & SS_ISCONNECTED) 1048 m->m_pkthdr.pf.inp = inp; 1049 #endif 1050 1051 error = ip_output(m, inp->inp_options, &inp->inp_route, 1052 (inp->inp_socket->so_options & SO_BROADCAST), inp->inp_moptions, 1053 inp, ipsecflowinfo); 1054 if (error == EACCES) /* translate pf(4) error for userland */ 1055 error = EHOSTUNREACH; 1056 1057 bail: 1058 m_freem(control); 1059 return (error); 1060 1061 release: 1062 m_freem(m); 1063 goto bail; 1064 } 1065 1066 /*ARGSUSED*/ 1067 int 1068 udp_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *addr, 1069 struct mbuf *control, struct proc *p) 1070 { 1071 struct inpcb *inp; 1072 int error = 0; 1073 int s; 1074 1075 if (req == PRU_CONTROL) { 1076 #ifdef INET6 1077 if (sotopf(so) == PF_INET6) 1078 return (in6_control(so, (u_long)m, (caddr_t)addr, 1079 (struct ifnet *)control)); 1080 else 1081 #endif /* INET6 */ 1082 return (in_control(so, (u_long)m, (caddr_t)addr, 1083 (struct ifnet *)control)); 1084 } 1085 1086 s = splsoftnet(); 1087 inp = sotoinpcb(so); 1088 if (inp == NULL && req != PRU_ATTACH) { 1089 error = EINVAL; 1090 goto release; 1091 } 1092 1093 /* 1094 * Note: need to block udp_input while changing 1095 * the udp pcb queue and/or pcb addresses. 1096 */ 1097 switch (req) { 1098 1099 case PRU_ATTACH: 1100 if (inp != NULL) { 1101 error = EINVAL; 1102 break; 1103 } 1104 if ((error = soreserve(so, udp_sendspace, udp_recvspace)) || 1105 (error = in_pcballoc(so, &udbtable))) 1106 break; 1107 #ifdef INET6 1108 if (sotoinpcb(so)->inp_flags & INP_IPV6) 1109 sotoinpcb(so)->inp_ipv6.ip6_hlim = ip6_defhlim; 1110 else 1111 #endif /* INET6 */ 1112 sotoinpcb(so)->inp_ip.ip_ttl = ip_defttl; 1113 break; 1114 1115 case PRU_DETACH: 1116 in_pcbdetach(inp); 1117 break; 1118 1119 case PRU_BIND: 1120 error = in_pcbbind(inp, addr, p); 1121 break; 1122 1123 case PRU_LISTEN: 1124 error = EOPNOTSUPP; 1125 break; 1126 1127 case PRU_CONNECT: 1128 #ifdef INET6 1129 if (inp->inp_flags & INP_IPV6) { 1130 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) { 1131 error = EISCONN; 1132 break; 1133 } 1134 error = in6_pcbconnect(inp, addr); 1135 } else 1136 #endif /* INET6 */ 1137 { 1138 if (inp->inp_faddr.s_addr != INADDR_ANY) { 1139 error = EISCONN; 1140 break; 1141 } 1142 error = in_pcbconnect(inp, addr); 1143 } 1144 1145 if (error == 0) 1146 soisconnected(so); 1147 break; 1148 1149 case PRU_CONNECT2: 1150 error = EOPNOTSUPP; 1151 break; 1152 1153 case PRU_ACCEPT: 1154 error = EOPNOTSUPP; 1155 break; 1156 1157 case PRU_DISCONNECT: 1158 #ifdef INET6 1159 if (inp->inp_flags & INP_IPV6) { 1160 if (IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) { 1161 error = ENOTCONN; 1162 break; 1163 } 1164 } else 1165 #endif /* INET6 */ 1166 { 1167 if (inp->inp_faddr.s_addr == INADDR_ANY) { 1168 error = ENOTCONN; 1169 break; 1170 } 1171 } 1172 1173 #ifdef INET6 1174 if (inp->inp_flags & INP_IPV6) 1175 inp->inp_laddr6 = in6addr_any; 1176 else 1177 #endif /* INET6 */ 1178 inp->inp_laddr.s_addr = INADDR_ANY; 1179 in_pcbdisconnect(inp); 1180 1181 so->so_state &= ~SS_ISCONNECTED; /* XXX */ 1182 break; 1183 1184 case PRU_SHUTDOWN: 1185 socantsendmore(so); 1186 break; 1187 1188 case PRU_SEND: 1189 #ifdef PIPEX 1190 if (inp->inp_pipex) { 1191 struct pipex_session *session; 1192 1193 if (addr != NULL) 1194 session = 1195 pipex_l2tp_userland_lookup_session(m, 1196 mtod(addr, struct sockaddr *)); 1197 else 1198 #ifdef INET6 1199 if (inp->inp_flags & INP_IPV6) 1200 session = 1201 pipex_l2tp_userland_lookup_session_ipv6( 1202 m, inp->inp_faddr6); 1203 else 1204 #endif 1205 session = 1206 pipex_l2tp_userland_lookup_session_ipv4( 1207 m, inp->inp_faddr); 1208 if (session != NULL) 1209 if ((m = pipex_l2tp_userland_output( 1210 m, session)) == NULL) { 1211 error = ENOMEM; 1212 goto release; 1213 } 1214 } 1215 #endif 1216 1217 #ifdef INET6 1218 if (inp->inp_flags & INP_IPV6) 1219 error = udp6_output(inp, m, addr, control); 1220 else 1221 #endif 1222 error = udp_output(inp, m, addr, control); 1223 splx(s); 1224 return (error); 1225 1226 case PRU_ABORT: 1227 soisdisconnected(so); 1228 in_pcbdetach(inp); 1229 break; 1230 1231 case PRU_SOCKADDR: 1232 #ifdef INET6 1233 if (inp->inp_flags & INP_IPV6) 1234 in6_setsockaddr(inp, addr); 1235 else 1236 #endif /* INET6 */ 1237 in_setsockaddr(inp, addr); 1238 break; 1239 1240 case PRU_PEERADDR: 1241 #ifdef INET6 1242 if (inp->inp_flags & INP_IPV6) 1243 in6_setpeeraddr(inp, addr); 1244 else 1245 #endif /* INET6 */ 1246 in_setpeeraddr(inp, addr); 1247 break; 1248 1249 case PRU_SENSE: 1250 /* 1251 * stat: don't bother with a blocksize. 1252 */ 1253 /* 1254 * Perhaps Path MTU might be returned for a connected 1255 * UDP socket in this case. 1256 */ 1257 splx(s); 1258 return (0); 1259 1260 case PRU_SENDOOB: 1261 case PRU_FASTTIMO: 1262 case PRU_SLOWTIMO: 1263 case PRU_PROTORCV: 1264 case PRU_PROTOSEND: 1265 error = EOPNOTSUPP; 1266 break; 1267 1268 case PRU_RCVD: 1269 case PRU_RCVOOB: 1270 splx(s); 1271 return (EOPNOTSUPP); /* do not free mbuf's */ 1272 1273 default: 1274 panic("udp_usrreq"); 1275 } 1276 1277 release: 1278 splx(s); 1279 m_freem(control); 1280 m_freem(m); 1281 return (error); 1282 } 1283 1284 /* 1285 * Sysctl for udp variables. 1286 */ 1287 int 1288 udp_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, 1289 size_t newlen) 1290 { 1291 /* All sysctl names at this level are terminal. */ 1292 if (namelen != 1) 1293 return (ENOTDIR); 1294 1295 switch (name[0]) { 1296 case UDPCTL_BADDYNAMIC: 1297 return (sysctl_struct(oldp, oldlenp, newp, newlen, 1298 baddynamicports.udp, sizeof(baddynamicports.udp))); 1299 1300 case UDPCTL_ROOTONLY: 1301 if (newp && securelevel > 0) 1302 return (EPERM); 1303 return (sysctl_struct(oldp, oldlenp, newp, newlen, 1304 rootonlyports.udp, sizeof(rootonlyports.udp))); 1305 1306 case UDPCTL_STATS: 1307 if (newp != NULL) 1308 return (EPERM); 1309 return (sysctl_struct(oldp, oldlenp, newp, newlen, 1310 &udpstat, sizeof(udpstat))); 1311 1312 default: 1313 if (name[0] < UDPCTL_MAXID) 1314 return (sysctl_int_arr(udpctl_vars, name, namelen, 1315 oldp, oldlenp, newp, newlen)); 1316 return (ENOPROTOOPT); 1317 } 1318 /* NOTREACHED */ 1319 } 1320